" The UA MUST evict all expired Known Pinned Hosts if at any time, an expired Known Pinned Host exists in the cache"
I use rrdtool to keep 5 years of statistics for my server. Once, I accidentally set the date forward, to 2038, wiping out my statistics - there was no way to recover, because rrdtool dutifully wiped all this expired data. Using the word 'evict' seems particularly dangerous, for both active ntp attacks, and accidental wiping. -tom _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
